CLAIMS 



What is claimed is:

1. A method for provisioning, through a first client, a rendezvous to a user account in a
server to ensure secure access to the user account by a second client through the
rendezvous having an address identifier in the server, the method comprising:

establishing a communication session by the first client with the server using a first
communication protocol according to the address identifier of the rendezvous; the first
client having a client identification associated with the user account and running a first
browser;

authenticating mutually between the first client and the server so that the
communication session becomes authenticated between the first client and the server;

establishing user credential information for the rendezvous by the first client; and

associating the user credential information with the rendezvous to the user account in
the server wherein the user account in the server becomes accessible by the second client
through the rendezvous by supplying the user credential information thereof.

2. The method as recited in claim 1, wherein the authenticating mutually between the first
client and the server comprises:

determining by the server if the first client has the user account created therefor
and authorized therein according to the client identification of the first client;

sending a reply response by the server to the first client if the above determining
the first client by the server succeeds, wherein the reply response comprises server
information;

determining, upon receiving the reply response from the server, by the first client
if the server is recognized by examining the received server information.

3. The method as recited in claim 1, wherein the authenticating mutually between the first
client and the server comprises generating a session credential information comprising a
mutually accepted cipher and a mutually accepted encrypt key such that all subsequent
transactions between the first client and the server are encrypted by the encrypt key
according to the cipher.

4. The method as recited in claim 3, further comprising:

establishing a connection by the second client to the rendezvous using a second
communication protocol according to the address identifier thereof, wherein the second
client runs a second browser;

supplying the user credential information to the rendezvous by the second client using
the second browser;

verifying the supplied user credential information; and

allowing access by the second client using the second communication protocol to the
user account in the server if the supplied user credential information is verified.

5. A system for secure access over a data network to a user account, through a rendezvous
identified by an address identifier, in a server, the rendezvous being exclusively
designated to the user account, the system comprising:

a server coupled to the data network;

a first client, remotely located with respect to the server and coupled to the data
network using a first communication protocol, having a client identification and running a
first browser;

a second client, coupled to the data network using a second communication protocol,
running a second browser;

a communication protocol mapper for mapping the first communication protocol to the
second communication protocol and the second communication protocol to the first
communication protocol, and

means for establishing an authenticated communication session between the first client
and the server through the data network, the authenticated communication session
establishing means comprising:

means for recognizing the first client by the server according to the client
identification and

means for recognizing the server by the first client according to a reply response
from the server after the first client is recognized by the server.

6. The system as recited in claim 5 further comprising means, in the first client and through
the established authenticated communication session, for updating the rendezvous with
user credential information.

7. The system as recited in claim 6 further comprising means for verifying the user
credential information supplied by the second client using the second browser after the
second client logs onto the rendezvous according to the address identifier thereof.

8. The system as recited in claim 7 wherein the first client is a thin computing device and
wherein the first browser is a micro-browser.

9. The system as recited in claim 7 wherein the first client is a mobile phone; wherein the
first browser is an Handheld Markup Language browser and wherein the first
communication protocol is Handheld Device Transport Protocol.

10. The system as recited in claim 9 wherein the second client is a personal computer coupled
to the data network.

11. The system as recited in claim 10, wherein the second communication protocol is
Hypertext Transfer Protocol and wherein the second browser is an Hypertext Markup
Language browser.

12. A method for provisioning, through a first client, a rendezvous to a user account in a
server to ensure secure access to the user account by a second client through the
rendezvous having an address identifier in the server, the method comprising:

initiating a transaction signal by the first client to the server using a first
communication protocol; the first client having a client identification associated with the
user account and running a first browser, wherein the transaction signal comprises the
client identification and the address identifier of the rendezvous;

examining a communication session between the first client and the server, wherein
the examining session comprises:

creating the communication session between the first client and the server if
the communication session is not in existence or is not valid;

conducting mutual authentication between the first client and the server; and

generating session credential information for the communication session such
that subsequent transactions are encrypted by the session credential information;

establishing by the first client user credential information for the rendezvous if the
communication session is valid; and

associating the user credential information with the rendezvous to the user account in
the server.

13. The method as recited in claim 12 further comprising updating the managed information
in the user account in the server by the first client using the first browser.

14. The method as recited in claim 13, wherein the first browser is a micro-browser.

15. The method as recited in claim 14, wherein the first browser is an Handheld Device
Markup Language browser.

16. The method as recited in claim 15 wherein the initiating the transaction signal comprises
hyperlinking the rendezvous using the first communication protocol according to the
address identifier of the rendezvous.

17. The method as recited in claim 16 wherein the first browser is Handheld Device Markup
Language browser and wherein the first communication protocol is Handheld Device
Transfer Protocol.

18. The method as recited in claim 17, wherein the user credential information comprises
username and a password.

19. The method as recited in claim li wherein the transaction signal initiated by the first
client comprises the address identifier of the rendezvous.

20. The method as recited in claim ]^ wherein the mutual authentication conducting between
the first client and the server comprises the server conducting a client authentication and
the client conducting a server authentication, wherein the client and the server are
communicated in the authenticated communication session.

21. The method as recited in claim 12, wherein the transaction signal initiated by the first
client comprises at least one client message encrypted by a secret encrypt key shared
between the first client and the server.

22. The method as recited in claim 21, wherein the mutual authentication conducting between
the first client and the server comprises:

conducting a first client authentication in the server by decrypting the encrypted client
message in the transaction signal from the first client;

conducting a first server authentication in the first client by decrypting an encrypted
server message in a server response from the server after the first client authentication in
the server succeeds, wherein the server response further comprises a session key and a
client derivative of the client message;

conducting a second server authentication in the first client by verifying the client
derivative with respect to the client message;

conducting a second client authentication in the server by decrypting a client response
from the first client wherein the client response comprises a server derivative of the server
message; and

finalizing session credential information comprising a session ID, the session key and
a mutually agreed cipher such that subsequent transactions between the first client and the
server are encrypted by the session key according to the mutually agreed cipher.

23. The method as recited in claim 12 further comprising:

establishing a second communication session between the second client and the server
using a second communication protocol according to the address identifier of the
rendezvous;

providing the user credential information, by the second client, to the rendezvous;

verifying the user credential information provided by the second client in the server;
and

accessing the managed information in the user account in the server by the second
client using a second browser if the user credential information supplied by the second
client is verified.

24. The method as recited in claim 23, wherein the establishing the communication session
between the second client and the server comprises creating the communication session
between the second client and the server if the communication session is not in existence
or is not valid.



25. A system for secure access, through a rendezvous having an address identifier, a user
account in a server, the rendezvous being exclusively designated to the user account, the
system comprising:

a data network comprising an airnet supporting a first communication protocol and
a landnet supporting a second communication protocol, the landnet coupled to the
server;

a first client, remotely located with respect to the server and coupled to the airnet
using a first communication protocol, having a client identification exclusively
associated with the rendezvous and running a first browser;

a second client coupled to the landnet using a second communication protocol and
running a second browser;

means for mapping the first communication protocol to the second communication
protocol and the second communication protocol to the first communication protocol;
the first client communicating with the server via the communication protocol means;

means for creating an authenticated and secure communication session between
the first client and the server through the data network; the session creating means
comprising:

means for requesting the session by the first client to the server if the session is
not in existence or is not valid;

means for conducting mutual authentication between the first client and the
server; and

means for generating session credential information for the session in creation;

means, in the first client and through the created session, for updating the
rendezvous with user credential information by a first browser such that the user
account is accessible by the second client through the rendezvous with the user
credential information.

26. The system as recited in claim 25, further comprising means, in the second client, for
providing the user credential information to the rendezvous so as to access the user
account in the server, thereby the second client can update the managed information
therein using the second browser.

27. The system as recited in claim 26 wherein the first client is a mobile computing device
and wherein the first browser is a micro-browser.

28. The system as recited in claim 27, wherein the first client is a cellular telephone and
wherein the first communication protocol is Handheld Device Transfer Protocol and
wherein the first browser is Handheld Device Markup Language.

29. The system as recited in claim 27, wherein the first client is a cellular telephone and
wherein the first communication protocol is Hypertext Transfer Protocol and wherein the
first browser is Handheld Device Markup Language browser.

30. The system as recited in claim 25, wherein the conducting mutual authentication means
comprises:

means for conducting first client authentication in the server;

means for conducting first server authentication in the first after the first client
authentication in the server succeeds;

means for conducting second server authentication in the first client; and

means for conducting second client authentication in the server after the first and
second server authentication succeed in the first client.

31. The system as recited in claim 30, further comprising means for generating session
credential information for the first client and the server; wherein the credential
information comprises a session ID, a session key and a mutually agreed cipher such that
subsequent transactions between the first client and the server are encrypted by the session
key according to the mutually accepted cipher.